Cloud Automation Cloud Management Platform Cloud Operations Cross-Cloud Services vCloud Suite vRealize

AWS CloudFormation Integration with VMware vRealize Automation Cloud

Author: Carlos Boyd, VMware Solution Architect

Advanced Customer Engagement

Project Team:

Amanda Blevins, Mandy Botsko-Wilson, Darryl Cauldwell, Paul Chang, Kim Delgado, Dustin Ellis, Jason Karnes, Phoebe Kim, Andy Knight, Riaz Mohamed, Chris Mutchler, Nikolay Nikolov, Michael Patton, Raghu Pemmaraju




Infrastructure as Code (IaC) is the management of infrastructure (virtual machines, networks, security, topology, etc.) in a descriptive, plain-text model. IaC uses the same versioning technique that DevOps teams use for source code, which generates an identical environment every time the model is applied. This allows IT infrastructure to support rapid and dynamic changes, without being an obstacle or a constraint.
















Amazon Web Services (AWS) offers several IaC services with arguably the most prominent being CloudFormation.


What is CloudFormation

AWS CloudFormation is a configuration orchestration tool that allows you to describe and codify infrastructure to automate your deployments. It provides users an easy way to assemble and provision a collection of AWS resources in an orderly and predictable manner.


The description of AWS resources is contained in a CloudFormation template (CFT), which can be created with JSON or YAML. Additionally, you can use AWS CloudFormation Designer to visually create the desired environment and then extract the design as a template. During the configuration process, CloudFormation manages dependencies between your resources while automatically determining the correct sequence of actions to create your environment.












What is vRealize Automation Cloud

VMware vRealize Automation Cloud (vRA Cloud) allows you to manage your entire application portfolio across private and public clouds. Two of the primary components of vRA Cloud are Cloud Assembly and Service Broker. Like AWS CloudFormation, Cloud Assembly is an automation solution that enables IaC for expedited infrastructure consumption and application delivery. Service Broker aggregates native content from multiple clouds and platforms into a single catalog with role-based policies for IT service deployments.


Integrating CloudFormation with vRealize Automation Cloud

AWS CloudFormation can be combined with other IaC tools to provide the complete application framework delivery. For example, CloudFormation would handle the automated deployment and configuration of the underlying infrastructure components, while another IaC tool (like VMware vRA Cloud) would enable automated application deployment and configuration. Below is an example of how we can integrate AWS CloudFormation with VMware vRA Cloud:


  1. Appropriate security access to AWS
  2. Appropriate security access to VMware Cloud Services

Process Overview:

  1. Create/configure user in AWS
  2. Create CloudFormation template
  3. Configure S3 bucket
  4. Configure VMware vRealize Automation Cloud Service Broker
  5. Deploy CloudFormation via Service Broker

Step 1: Create/Configure user in AWS

  1. Login to AWS with an account that has permissions to create and configure a new user
  2. Click on the “Services” link at the top left and select the IAM Service

  3. On the “Welcome to Identity and Access Management” window, click the “Users” link
  4. Click the “Add user” button
  5. On the “Add User” window, type the desired “User name”. At a minimum, this user will need to be enabled for “Programmatic access”. Click the “Next…” button to continue
  6. On the next “Add user” window, select the “Attach existing policies directly” option. *Alternatively, you can create a group that has the required access permissions
  7. Select the permissions policy that will provide the user with the appropriate level access to AWS resources. *Alternatively, create a custom policy to define access permissions
  8. On the “Review” window, select the “Create user” button
  9. Once the user is successfully created, click the “Show” link under “Secret Access Key
  10. Save the text in “Access key ID” and “Secret Access Key” fields. Click “Close
  11. Creation and configuration of the new user is now complete



Step 2: Create CloudFormation Template

  1. Use the URL to download a sample CloudFormation Template to use as a base template.
    Alternatively, you can build/model an application stack in AWS and export as a CloudFormation Template.

    *Note: There are dozens of examples on the Internet on how to create and/or modify CloudFormation templates. Additionally, there are numerous sample templates that can be downloaded and manipulated for your purpose.
  2. Modify the template to ensure it has the desired configuration parameters. Ensure that the template has the required “instance types,” “regions,” “architectures,” “networks,” and “security” related parameters.
  3. Using the AWS Management Console or the AWS CLI, deploy the template to ensure that it successfully builds the desired environment. If there are any issues with the manual deployment, make the appropriate modifications and redeploy until successfully deployed.
  4. Save the template.

Step 3: Configure S3 Bucket

  1. Login to AWS Console to create an S3 bucket for the CloudFormation template(s). *Alternatively, you can choose to save your templates in a different central location, like a Github repository.
  2. Click on the “Services” link at the top left and select the S3 Service

  3. On the “S3 buckets” window, click the “+ Create bucket” button
  4. On the “Create bucket” window, enter a “Bucket name” and select a “Region” to place the bucket in. Click the “Next” button
  5. Leave the default selections on the next window and click the “Next” button
  6. On the “Set permissions” window, deselect the “Block all public access” checkbox. Click the “Next” button
  7. On the “Review” window, click the “Create bucket” button
  8. Once the S3 bucket is created, it will be visible in the “S3 buckets” window. Open the bucket by clicking on the bucket name
  9. In the bucket window, click the “Upload” button
  10. On the “Upload” window, either drag the saved template(s) and drop them on the window -or- click the “Add files” button to select the template(s)
  11. The template(s) should now be displayed in the “Upload” window. Click the “Upload” button
  12. With the template now uploaded to the S3 bucket, Select the Checkbox next to the template name
  13. A pop-up window with the template’s properties will be displayed. Select the “Permissions” link towards the bottom
  14. On the template’s permissions page, SelectEveryone
  15. The template now has the required permissions to be accessed for deployment via VMware vRealize Automation Cloud.


Step 4: Configure VMware Cloud Services – Service Broker

  1. Login to VMware Cloud Services with an account that has permissions to create the required constructs for Service Broker
  2. On the “My Services” page, click the “VMware Service Broker” button
  3. On the “Service Broker” page, select “Infrastructure” from the top menu
  4. On the left menu, select “Cloud Accounts”, then click the “+ ADD CLOUD ACCOUNT” button
  5. On the “Account Types” page, select the “Amazon Web Services” button
  6. On the “New Cloud Account” page, enter the “Access key ID” and “Secret access key” that were recorded during the AWS user creation phase above. Give the account a name and click the “ADD” button
  7. The new Cloud Account is now available and should show a Status of OK
  8. From the menu on the left, select “Cloud Zones”. On the Cloud Zones page, click the “+ NEW CLOUD ZONE” button
  9. On the “New Cloud Zone” page, select the desired AWS Account / region. Give the Cloud Zone a “Name. Click the “Compute” link
  10. On the “Compute” tab, select the checkbox(es) of the regions that you wish to push deployments. Click the “CREATE” button
  11. On the left menu, click the “Projects” link. On the “Projects” page, click the “+ NEW PROJECT” button
  12. On the “New Project” page, add a Name for the project then click the “Users” link
  13. On the “New Project – Users” page add the users that will have access to this project. Either click the “+ ADD USERS” button or the “+ ADD USER GROUPS” button to add the users. With the users added, click the “Provisioning” link
  14. On the “New Project – Provisioning” page, click the “+ ADD CLOUD ZONE” button.
  15. On the “Add Cloud Zone” page, search for the cloud zone that was created in Steps 8-10. You can choose to accept the defaults for “Provisioning Priority” and “Instances limit”, or you can provide the desired settings for one or both. Click the “ADD” button.
  16. Back on the “New Project” page, if there are any customer properties you require, fill those out before clicking the “CREATE” button
  17. From the top menu, select the “Content & Policies” link
  18. On the “Content Sources” page, click the “NEW” button
  19. On the “New Content Source” page, enter/select the following information:
    1. Type: AWS CloudFormation Template
    2. Name: Provide a name for the Content Source
    3. Description: *Optional
    4. Bucket Name: Name of the S3 Bucket created in a previous step above
    5. Bucket Access Policy: Public
    6. Click the “Validate” button to ensure you can access the S3 Bucket
    7. Account: Select the Cloud Account that was created in a previous step above
    8. Region: Select the region where deployments will be created
    9. Click the “CREATE & IMPORT” button
  20. On the left menu, select the “Content Sharing” link. On the “Content Sharing” page, search for the project that was created in an earlier step
  21. On the “Select Project” page, select the project that was created in an earlier step. Click the “Select” button
  22. Locate the Content Source that was created in an earlier step and place a checkmark next to the content that should be shared. Click the “Save” button
  23. Click the “Content” link on the left menu. All of the available shared content will be displayed in the “Content” window
  24. You can optionally choose to customize the template(s) showing in the “Content” window. You do this by clicking the 3 dots to the left of the template and select “Customize form”. *Note: customizing the form can be a pretty extensive topic on its own. This process assumes no customization.
  25. You are now ready to deploy CloudFormation templates from within Service Broker.

Step 5: Deploy CloudFormation via Service Broker

With all of the settings and configurations in place, there are now AWS CloudFormation templates available in the Service Broker Catalog. To deploy these CloudFormation templates, do the following:

  1. From the top menu in Service Broker, select “Catalog
  2. On the “Catalog Items” page, locate the CloudFormation template you wish to deploy, and choose the “REQUEST” link within that catalog item
  3. On the “New Request” page, fill out all of the required items that are marked with a red asterisk *. Click the “SUBMIT” button
  4. Once submitted, the CloudFormation template will begin deployment
  5. When the deployment is finished, you will be able to access the newly deployed environment


Although this was a generic example of integrating AWS CloudFormation with VMware vRealize Automation Cloud Service Broker, the same process can be used to deploy any application framework to any desired cloud platform (i.e. Microsoft Azure, Google Cloud, vSphere).

vRealize Automation Cloud is offered as a service and, you can get started with a free trial now!

Visit our website to learn more.

Detailed documentation for vRA Cloud can be found here



One comment has been added so far

  1. Hello,

    Just a friendly reminder not to publish AWS access and secret keys publicly, or if you do so, make sure you have rotated the credentials. Also from security perspective I would recommend granting only the required least privileges to your VRA IAM user account.

    Walkthrough contents are great by the way, we are just looking at doing something cool with this integration.


Leave a Reply

Your email address will not be published.